8 Tutorial: Configuring Levels in Oracle Label Security
This tutorial demonstrates how to create Oracle Label Security levels.
- About This Tutorial
In this tutorial, you will use theHR
schema to learn how to use Oracle Label Security levels. - Step 1: Create a Role and User Accounts
The role that you create will enable any user who is granted it to have theSELECT
privilege on theHR.EMPLOYEES
table. The user accounts are for the two Human Resources employees, Susan Mavris and Ida Neau. - Step 2: Create the Oracle Label Security Policy Container
As an Oracle Label Security administrator, you must create and then enable the policy container. - Step 3: Create the Two Level Components for the Oracle Label Security Policy
After you create the Oracle Label Security policy container, you are ready to create two levels to represent two different levels of sensitivity. - Step 4: Create the Data Labels for the Levels
A data label tags data records for use with the Oracle Label Security policy. - Step 5: Set User Authorizations for the Oracle Label Security Policy
Setting user authorizations entails associating the user with the policy and the minimum and maximum levels that are associated with the Oracle Label Security policy. - Step 6: Apply the Oracle Label Security Policy to the HR Schema
After you apply the policy to theHR
schema, you must enable the policy association withHR
. - Step 7: Add the Policy Labels to the HR.EMPLOYEES Table Data
Both the Oracle Label Security administrator and theHR
user will add the policy labels to theHR.EMPLOYEES
table data in theEMPLOYEE_ID
column. - Step 8: Test the Oracle Label Security Policy
To test the policy, each user will try to query theHR.EMPLOYEES
table. - Step 9: Optionally, Remove the Oracle Label Security Policy Components
You can remove the Oracle Label Security policy,HR_ROLE
role, and users Ida Neau and Susan Mavris.
Parent topic: Oracle Label Security Tutorials
About This Tutorial
In this tutorial, you will use the HR
schema to learn how to use Oracle Label Security levels.
The Human Resources representative, Susan Mavris, has an assistant working for her, Ida Neau. Susan Mavris must have access to all employee records, including records of employees who have left the company. Ida Neau must have access only to employees who are current.
You will create an Oracle Label Security policy that will use the following levels of sensitivity to govern access to current and former employees:
SENSITIVE
enables access to current employees only. User Ida Neau will be assigned this level.HIGHLY_SENSITIVE
enables access to former employees. User Susan Mavris will be assigned this level. This level is a higher level thanSENSITIVE
, which means that it will also provide access to rows protected bySENSITIVE
. In other words, Susan Mavris will have access to both former and current employee records.
Parent topic: Tutorial: Configuring Levels in Oracle Label Security
Step 1: Create a Role and User Accounts
The role that you create will enable any user who is granted it to have the SELECT
privilege on the HR.EMPLOYEES
table. The user accounts are for the two Human Resources employees, Susan Mavris and Ida Neau.
Parent topic: Tutorial: Configuring Levels in Oracle Label Security
Step 2: Create the Oracle Label Security Policy Container
As an Oracle Label Security administrator, you must create and then enable the policy container.
Parent topic: Tutorial: Configuring Levels in Oracle Label Security
Step 3: Create the Two Level Components for the Oracle Label Security Policy
After you create the Oracle Label Security policy container, you are ready to create two levels to represent two different levels of sensitivity.
Parent topic: Tutorial: Configuring Levels in Oracle Label Security
Step 4: Create the Data Labels for the Levels
A data label tags data records for use with the Oracle Label Security policy.
HR.EMPLOYEES
table. The rows labeled HS
will correspond to the HS
(HIGHLY_SENSITIVE
) level to be assigned to Susan Mavris, and the rows labeled S
will correspond with the S
(SENSITIVE
) level to be assigned to Ida Neau.
Parent topic: Tutorial: Configuring Levels in Oracle Label Security
Step 5: Set User Authorizations for the Oracle Label Security Policy
Setting user authorizations entails associating the user with the policy and the minimum and maximum levels that are associated with the Oracle Label Security policy.
Parent topic: Tutorial: Configuring Levels in Oracle Label Security
Step 6: Apply the Oracle Label Security Policy to the HR Schema
After you apply the policy to the HR
schema, you must enable the policy association with HR
.
Parent topic: Tutorial: Configuring Levels in Oracle Label Security
Step 7: Add the Policy Labels to the HR.EMPLOYEES Table Data
Both the Oracle Label Security administrator and the HR
user will add the policy labels to the HR.EMPLOYEES
table data in the EMPLOYEE_ID
column.
Parent topic: Tutorial: Configuring Levels in Oracle Label Security
Step 8: Test the Oracle Label Security Policy
To test the policy, each user will try to query the HR.EMPLOYEES
table.
Parent topic: Tutorial: Configuring Levels in Oracle Label Security
Step 9: Optionally, Remove the Oracle Label Security Policy Components
You can remove the Oracle Label Security policy, HR_ROLE
role, and users Ida Neau and Susan Mavris.
However, if you want to try the tutorial on how to create Oracle Label Security compartments, then do not remove these components. The tutorial on compartments builds on this tutorial on levels.
Related Topics
Parent topic: Tutorial: Configuring Levels in Oracle Label Security